Proxmox-Port/libtpms
1
0
Fork 0
mirror of https://github.com/stefanberger/libtpms synced 2025-08-25 01:41:06 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
stable-0.7.0
libtpms/CHANGES
Stefan Berger c72ff77ea4 CHANGES: Updated CHANGES document for 0.7.12 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2025-06-10 14:10:02 -04:00

107 lines
4.0 KiB
Plaintext
Raw Permalink Blame History

CHANGES - changes for libtpms
version 0.7.12:
- tpm2: Fix potential out-of-bound access & abort due to HMAC signing issue (CVE-2025-49133)
- tpm2: Check size of buffer before accessing it (CVE-2023-1017 & -1018)
- tpm2: Do not call EVP_PKEY_CTX_set0_rsa_oaep_label() for label of size 0 (OSSL 3)
- tpm2: Return TPM_RC_VALUE upon decryption failure
- tpm2: Fix the returned number in the JSON
- tpm12: Replace include of engine.h with err.h
version 0.7.11:
- tpm2: Do not set RSA_FLAG_NO_BLINDING on RSA keys anymore
- tpm2: Fix a potential overflow expression (coverity)
- tpm2: Fix size check in CryptSecretDecrypt
- tpm2: Check return code of BN_div()
- tpm2: Do not write permanent state if only clock changed
version 0.7.10:
- tpm2: Marshal event sequence objects' hash state
- tpm2: Fixes for building and running with OpenSSL 3.0
version 0.7.9
- tpm2: NVMarshal: Handle index orderly RAM without 0-sized terminating node
- tpm2: Initialize a whole OBJECT before using it
version 0.7.8
- tpm2: Reset too large size indicators in TPM2B to avoid access beyond buffer
- tpm2: Restore original value in buffer if unmarshalled one was illegal
version 0.7.7
- CryptSym: fix AES output IV
A CVE has been filed for this bugfix. Unfortunately multi-step encrypted
data won't decrypt anymore but are now compatible with other TPM 2 devices.
version 0.7.6
- tpm2: Fix public key context save due to ANY_OBJECT_Marshal usage
This fixes a suspend/resume problem when public keys are
loaded
- tpm2: Address some Coverity issues (false positives)
- tpm1.2: Backported ASAN/UBSAN related fixes
version 0.7.5
- Note: The TPM 2 implementation returns 2048 bit keys with ~1984 bit
strength due to a bug in the TPM 2 key creation algo that cannot
easily be fixed. The bug is in RsaAjustPrimeCandidate, which is
called before the prime number check.
- tpm2: Return properly sized array for b parameter for NIST P521 (HLK)
- tpm2: Addressed issues detected by UBSAN
- tpm2: Addressed issues detected by cppcheck (false positives)
version 0.7.4
- Addressed potential constant-time related issues in TPM 1.2 and TPM 2 code
TPM 1.2: RSA decryption
TPM 2: EcSchnorr and EcSM2 signatures; Ecsda is handled by OpenSSL
- Fixed some compilation issues
version 0.7.3
- Fixed the set of PCRs belonging to the TCB group. This affects the
pcrUpdateCounter in TPM2_Pcrread() responses, thus needs latest `swtpm`
(master, stable branches) for test cases to succeed there.
version 0.7.2
- Fix output buffer parameter and size for RSA decryption that could cause
stack corruption under certain circumstances
- Set the RSA PSS salt length to the digest length rathern than max. possible
- Fixes to symmetric decrytion related to input size check,
defer padding to the user [EVP_CIPHER_CTX_set_padding(ctx, 0)] and
to always use a temporary malloc'ed buffer for decryption
version 0.7.1
- tpm2: Fix TDES key creation by adding missing un-/marshalling functions
- tpm2: Fix a bug in CheckAuthSession
- compilation fixes for TPM 1.2 & TPM 2 and various architectures and
gcc versions
- Fix support for NIST curves P{192,224,521} and SM2 P256 and BN P648
that would not work;
- Runtime filter elliptic curves (that OpenSSL does not support) and do
not advertise those curves as capabilities
- Removed unnecessary space in MANUFACTURER "IBM " -> "IBM"
version 0.7.0
- use OpenSSL crypto for AES, TDES, EC, and RSA operations when possible
version 0.6.0
- added TPM 2 support (revision 150)
- New API calls:
- TPMLIB_CancelCommand
- TPMLIB_ChooseTPMVersion
- TPMLIB_SetDebugFD
- TPMLIB_SetDebugLevel
- TPMLIB_SetDebugPrefix
- TPMLIB_SetBufferSize
- TPMLIB_ValidateState
- TPMLIB_SetState
- TPMLIB_GetState
version 0.5.1
first public release
- release 7 increased NVRAM area for being able to store more data in
the TPM's NVRAM areas, i.e., X.509 certificates
- release 9 added two more APIs:
- TPM_Free
- TPMLIB_DecodeBlob
Reference in New Issue View Git Blame Copy Permalink